CVE-2016-1373

The gadgets-integration API in Cisco Finesse 8.5(1) through 8.5(5), 8.6(1), 9.0(1), 9.0(2), 9.1(1), 9.1(1)SU1, 9.1(1)SU1.1, 9.1(1)ES1 through 9.1(1)ES5, 10.0(1), 10.0(1)SU1, 10.0(1)SU1.1, 10.5(1), 10.5(1)ES1 through 10.5(1)ES4, 10.5(1)SU1, 10.5(1)SU1.1, 10.5(1)SU1.7, 10.6(1), 10.6(1)SU1, 10.6(1)SU2, and 11.0(1) allows remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted request, aka Bug ID CSCuw86623.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.6 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N
ciscoCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 46%
VendorProductVersion
ciscofinesse
8.5\(1\)_base
ciscofinesse
8.5\(2\)_base
ciscofinesse
8.5\(3\)_base
ciscofinesse
8.5\(4\)_base
ciscofinesse
8.5\(5\)_base
ciscofinesse
8.6\(1\)_base
ciscofinesse
9.0\(1\)_base
ciscofinesse
9.0\(2\)_base
ciscofinesse
9.1\(1\)_base
ciscofinesse
9.1\(1\)_es1
ciscofinesse
9.1\(1\)_es2
ciscofinesse
9.1\(1\)_es3
ciscofinesse
9.1\(1\)_es4
ciscofinesse
9.1\(1\)_es5
ciscofinesse
9.1\(1\)_su1
ciscofinesse
9.1\(1\)_su1.1
ciscofinesse
10.0\(1\)_base
ciscofinesse
10.0\(1\)_su1
ciscofinesse
10.0\(1\)_su1.1
ciscofinesse
10.5\(1\)_base
ciscofinesse
10.5\(1\)_es1
ciscofinesse
10.5\(1\)_es2
ciscofinesse
10.5\(1\)_es3
ciscofinesse
10.5\(1\)_es4
ciscofinesse
10.5\(1\)_su1
ciscofinesse
10.5\(1\)_su1.1
ciscofinesse
10.5\(1\)_su1.7
ciscofinesse
10.6\(1\)_base
ciscofinesse
10.6\(1\)_su1
ciscofinesse
10.6\(1\)_su2
ciscofinesse
11.0\(1\)_base
𝑥
= Vulnerable software versions
References
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse
http://www.securitytracker.com/id/1035756
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-finesse
http://www.securitytracker.com/id/1035756